{
  "threat_severity" : "Moderate",
  "public_date" : "2019-04-10T00:00:00Z",
  "bugzilla" : {
    "description" : "wpa_supplicant: SAE Timing-based and Cache-based side-channel attack against WPA3's Dragonfly handshake",
    "id" : "1699141",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1699141"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-385",
  "details" : [ "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected." ],
  "statement" : "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6, as they did not include support for SAE (Simultaneous Authentication of Equals).\nThis issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7, as they are not compiled with SAE (Simultaneous Authentication of Equals) enabled. In particular, the CONFIG_SAE=y option is not set at compile time.\nAn attacker must be able to run unprivileged code on the victim's machine to exploit this flaw, which lowers its severity to Moderate.",
  "acknowledgement" : "Red Hat would like to thank Eyal Ronen (Tel Aviv University & KU Leuven) and Mathy Vanhoef (NYUAD) for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "redhat-virtualization-host",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "rhvm-appliance",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-9494\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9494\nhttps://w1.fi/security/2019-1/sae-side-channel-attacks.txt\nhttps://www.kb.cert.org/vuls/id/871675/" ],
  "name" : "CVE-2019-9494",
  "csaw" : false
}